CVE-2016-9535
libtiff: Predictor heap-buffer-overflow
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
tif_predict.h y tif_predict.c en libtiff 4.0.6 tienen aserciones que pueden conducir a fallos de aserción en modo debug, o desbordamientos de búfer en modo de liberación, cuando trata con un tamaño inusual de tile como YCbCr con submuestreo. Reportado como MSVR 35105, vulnerabilidad también conocida como "Predictor heap-buffer-overflow".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-11-21 CVE Reserved
- 2016-11-22 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-122: Heap-based Buffer Overflow
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/94484 | Third Party Advisory | |
| http://www.securityfocus.com/bid/94744 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1 | 2018-01-05 | |
| https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33 | 2018-01-05 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2017-0225.html | 2018-01-05 | |
| http://www.debian.org/security/2017/dsa-3844 | 2018-01-05 | |
| https://access.redhat.com/security/cve/CVE-2016-9535 | 2017-02-01 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1397755 | 2017-02-01 |